Cyber Attacks Increasing In Middle East
Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.
More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.
“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.
He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.
“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.
DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.
The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well as other websites within the Middle East.
Beek described SEA as similar to Anonymous.
“There’s a group leading operations, with a support group of other people that can help,” said Beek.
McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.
Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.
“It’s where the wealth and critical infrastructure is concentrated,” he said.
The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.
“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”
Is The Tesla Hackable?
It’s the curse of the connected car: once it’s linked to the Internet, it’s, well, on the Internet. In the case of the Tesla Model S, this means that mischievous hackers could, in theory, control some functions of the vehicle and even snoop without the owner’s knowledge.
Tesla offers Android and iPhone apps for Model S owners, which can be used to check the vehicle’s battery, track its location and status, and tweak several other settings, like climate control and the sunroof. It can also be used to unlock the doors on the Model S.
Dell senior engineer George Reese says the REST API used by Tesla to provide access for Android and iPhone apps has several fairly serious security flaws, which could offer a way in for unscrupulous hackers.
According to an article written by Reese for O’Reilly, Tesla appears to have broken from accepted best practice when designing the API for the Model S.
“It’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs–Twitter uses it), this scenario is one that screams for its use,” he wrote.
However, Reese notes, this is merely a potential attack vector, not one that could be immediately exploited. That said, a compromised website, particularly one designed to provide “value-added services” via the API to Tesla drivers, could prove highly damaging.
“I can … honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving,” Reese wrote.
Automotive hacking has been posited by experts for some time, and several presentations at this year’s Defcon detailed fairly comprehensive methods of compromising some models.
Yahoo Still Playing Pac-Man
July 16, 2013 by admin
Yahoo announced on Wednesday that it bought Qwiki for an undisclosed sum, as the firm’s spending spree continues.
Qwiki started out as a video-focused search engine in 2011, before making its way into the iTunes Store as an app that turns images and videos into digital story boards.
Yahoo announced its acquisition of Qwiki on Wednesday, although it kept quiet about what it plans to do with the company and how much it spent. However, according to Allthingsd, Yahoo spent approximately $50m to further expand its digital offerings.
What’s more, while it’s unclear what Yahoo’s plans are at present, it’s likely that the firm is looking to challenge Vine and Instagram in the social video market.
Yahoo announced the news, naturally, on Tumblr. It said, “We’re excited to announce that Yahoo acquired Qwiki – a company that uses awesome technology to bring together pictures, music and video to capture the art of storytelling.
“We will continue to support the Qwiki app, and the team will join Yahoo in our New York city office to reimagine Yahoo’s storytelling experience. Stay tuned … there’s much more to come!”
Qwiki also had something to say, posting on its website, “Thank you for being a part of our story – one which is far from over. The Qwiki app will live on as a standalone entity inside Yahoo, where we will grow our thriving community and where our team will continue to work to help you share life’s best experiences.
“We are proud of the work we’ve done, and humbled by unwavering support from the NY tech community. New York is such a big part of who we are, and what we will become.”
Yahoo’s buyout of Qwiki is the latest in a series of acquisitions by the firm. Recently the firm announced that it bought Tumblr for a cool $1.1bn, with Yahoo CEO Marissa Mayer promising “not to screw it up”.
Office 365 Goes Yammer
June 21, 2013 by admin
Microsoft has taken the first step in its integration roadmap for SharePoint and Yammer, allowing Office 365 customers to swap SharePoint Online’s activity stream with Yammer’s.
This first, modest integration point will let SharePoint Online users click on the Yammer link and launch a separate browser window where they’re asked to sign in.
Later this year, Microsoft will deepen the integration with a single sign-on and the addition of Yammer to the main Office 365 interface, which will begin to merge the two products’ user experience.
Next month, Microsoft will release a Yammer application for SharePoint that will let users embed a Yammer group feed into a SharePoint site. The application will work both with SharePoint Online and with the on-premises version of the server SharePoint 2013.
Also in July, Microsoft will provide instructions for replacing the SharePoint 2013 newsfeed with Yammer’s.
For now, the first integration step is optional, but Microsoft is strongly suggesting that Office 365 customers make the activity stream switch to Yammer.
“Our recommendation is to use Yammer, since it’s our big bet for enterprise social, and we’re committed to making it the underlying social layer for all our products,” wrote Christophe Fiessinger, a Microsoft Office Division product marketing manager, in a blog post.
Customers should also accompany the technical change with an outreach effort to promote the benefits of using the enterprise social networking features of Yammer, according to Fiessinger.
“To drive adoption and really get the value out of Yammer, you need a strategy, advocates, and openness to the way it will transform the way people in your organization work and communicate,” he wrote.
Microsoft bought Yammer for $1.2 billion in mid-2012 in order to boost the development and availability of enterprise social collaboration features in SharePoint and in other Office and Microsoft business software like the Dynamics applications.
Microsoft makes a convincing case for the benefits of integrating Yammer with SharePoint and its other software to provide a common social collaboration layer, but the process is clearly complicated and will take years.
McAfee Sees Surge In Spam
The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.
The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.
Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.
The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.
On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.
The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.
The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.
The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.
Twitter’s Authentication Has Vulnerabilities
June 6, 2013 by admin
Twitter’s SMS-based, two-factor authentication feature could be abused to lock out users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.
Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.
According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.
An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.
This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.
When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.
Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.
As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.
Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.
Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.
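The enrollment check Sullivan recommends, sketched as an added example (not Twitter's code and not from the F-Secure post): two-factor authentication is switched on only after the SMS code has actually been entered and a signed, expiring link sent to the account's email address has been followed. The `Account` class, function names, key handling and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key
LINK_TTL = 15 * 60                    # assumption: email link valid for 15 minutes


class Account:
    def __init__(self, email):
        self.email = email
        self.two_factor_phone = None  # set only after both checks succeed
        self.pending = None           # enrollment in progress, if any


def _sign(email, phone, expires):
    # Bind the link to this account, this phone number and an expiry time.
    msg = f"{email}|{phone}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def start_enrollment(account, phone, now=None):
    """Returns (sms_code, email_token): one is sent to the phone, one to the mailbox."""
    now = time.time() if now is None else now
    sms_code = f"{secrets.randbelow(10**6):06d}"
    expires = int(now) + LINK_TTL
    account.pending = {"phone": phone, "sms_code": sms_code, "sms_ok": False}
    return sms_code, f"{expires}.{_sign(account.email, phone, expires)}"


def submit_sms_code(account, code):
    """The user must type the code back; clicking "yes" proves nothing."""
    p = account.pending
    if p is None:
        return False
    if hmac.compare_digest(p["sms_code"].encode(), code.encode()):
        p["sms_ok"] = True
    return p["sms_ok"]


def confirm_email_link(account, token, now=None):
    """Second gate: only someone who can read the owner's email can finish."""
    now = time.time() if now is None else now
    p = account.pending
    if p is None or not p["sms_ok"]:
        return False
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    expected = _sign(account.email, p["phone"], expires)
    if expires < now or not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    account.two_factor_phone, account.pending = p["phone"], None
    return True
```

With this flow, an attacker who holds only the stolen password and a web session can start enrollment for a prepaid number but cannot complete it unless the owner's mailbox is also compromised.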
Is Yahoo Really Back?
Yahoo has once again made the list as one of the world’s 100 most valuable brands.
The Internet company nabbed the 92nd spot in the annual list of global companies from multiple industries including technology, retail and service, released Tuesday by BrandZ, a brand equity database. The ranking gave Yahoo a “brand value” of US$9.83 billion, which is based on the opinions of current and potential users as well as actual financial data.
Apple occupied the number-one position on the list, with a brand value of $185 billion. Google was number two, with a value of roughly $114 billion.
The BrandZ ranking, commissioned by the advertising and marketing services group WPP, incorporates interviews with more than 2 million consumers globally about thousands of brands along with financial performance analysis to compile the list. Yahoo last appeared on the list in 2009 at number 81.
Yahoo’s inclusion on the 2013 list comes as the Internet company works to reinvent itself and win back users. Previously a formidable player in Silicon Valley, the company has struggled in recent years to compete against the likes of Google, Facebook and Twitter.
Improving its product offerings on mobile has been a focus. New mobile apps for email and weather have been unveiled, along with a new version of the main Yahoo app, featuring news summaries generated with technology the company acquired when it bought Summly.
Most notably, Monday the company announced it is acquiring the blogging site Tumblr for $1.1 billion in cash. Big changes to its Flickr photo sharing service were also announced.
Yahoo’s rebuilding efforts have picked up steam only during the last several months, but the 2013 BrandZ study was completed by March 1.
However, last July’s appointment of Marissa Mayer as CEO likely played a significant role in the company’s inclusion in the ranking, said Altimeter analyst Charlene Li. “Consumer perception has gone up since then,” she said.
“Yahoo’s leadership has a strong sense of what they want to do with the brand,” she added.
Yahoo’s 2012 total revenue was flat at $4.99 billion. However, after subtracting advertising fees and commissions paid to partners, net revenue was up 2 percent year-on-year.
Yahoo On A Buying Spree
Yahoo has purchased a mobile gaming company, Loki Studios, taking its total acquisitions this month to four.
The company said over the weekend it welcomed Loki, Astrid, GoPollGo and MileWise to its growing mobile team. “We recently added 22 entrepreneurs to our growing mobile team,” the company said in a Twitter message in a possible reference to some of the people from the four companies who have moved to Yahoo.
Loki’s flagship application is its location-aware game, Geomon. “We are thrilled to be joining the exceptional folks at Yahoo!. We believe fully in their commitment to creating outstanding mobile products,” the Loki team said on their website.
Earlier in the week, Yahoo also acquired GoPollGo, a social polling tool. The company’s founder and team said they were moving to Yahoo, and would no longer be supporting their offerings.
It is not clear whether Yahoo has bought all these companies for their products and technology or just to get their experienced staff in the area of mobile as it tries to build up its own mobile capabilities. The way the services are being shut down suggests that their user base did not particularly interest Yahoo. The company could not be immediately reached for comment.
Will Facebook Go Lower?
September 6, 2012 by admin
Facebook is still overvalued and analysts are starting to agree with us that the company could fall to about $13 a share.
SmartMoney’s Jack Hough is being quoted by Forbes as saying that Facebook should be worth about half what it is now – about $29.52 billion, or just a tad over $13 per share. Hough compares Facebook to Google, which trades at 3.6 times its projected revenues for 2014. Analysts expect Facebook to have $8.2 billion in sales that year, which means you just multiply this figure by about three.
All makes sense and is a similar view to what I said when Facebook issued its daft IPO and people lost their shirts and underpants on the deal. Part of the problem is still that Facebook has not worked out a good way to make money from advertising and it has not got an effective mobile strategy.
Is NFC Taking Off?
April 4, 2012 by admin
Analysts working for Berg Insight have noted that global sales of handsets featuring Near Field Communication (NFC) increased ten-fold in 2011.
More than 30 million units were sold in 2011 and the market was growing at a compound annual growth rate of 87.8 percent. It predicts that shipments will reach 700 million units in 2016. The global rise in smartphone adoption is also driving higher attach rates for other wireless connectivity technologies in handsets including GPS, Bluetooth and WLAN, the report said.
Some of the reason for the growth is the reduction in the cost of the technology. It is now a staple feature on high-end smartphones and most medium- and low-end models. Declining costs will also enable broader integration in the featurephone segment that is rapidly gaining smartphone-like functionality.
Shipments of WLAN-enabled handsets have more or less doubled annually in the past four years and the attach rate increased to 33 percent in 2011.